
How to change the security style of a volume from UNIX to NTFS in ONTAP 9

Applies to

ONTAP 9

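Description

This article describes how to change the security style of an existing volume/qtree and how to propagate NTFS permissions to subfolders and files in ONTAP 9.

Procedure

  1. Change the security style of the volume or qtree to NTFS:

::> volume modify -vserver vserver_name -volume volume_name -security-style ntfs

  •     After the security style is changed, the root of the volume is updated.
    Example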

    Cluster::> vserver security file-directory show -vserver Vs1 -path  /vol1

             Vserver: Vs1
            File Path: /vol1
        File Inode Number: 96
         Security Style: ntfs
         Effective Style: ntfs
         DOS Attributes: 10
     DOS Attributes in Text: ----D---
    Expanded Dos Attributes: -
          UNIX User Id: 0
          UNIX Group Id: 0
         UNIX Mode Bits: 777
     UNIX Mode Bits in Text: rwxrwxrwx
              ACLs: NTFS Security Descriptor
                 Control:0x8004
                 Owner:BUILTIN\Administrators
                 Group:BUILTIN\Administrators
                 DACL - ACEs
                  ALLOW-Everyone-0x1f01ff-(Inherited)
                  ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)

  • The only change made to any child object is the security style.
    Example

    Cluster::> vserver security file-directory show -vserver Vs1 -path  /vol1/new.txt

             Vserver: Vs1
            File Path: /vol1/new.txt
        File Inode Number: 102
         Security Style: ntfs
         Effective Style: unix
         DOS Attributes: 20
     DOS Attributes in Text: ---A----
    Expanded Dos Attributes: -
          UNIX User Id: 0
          UNIX Group Id: 1
         UNIX Mode Bits: 777
     UNIX Mode Bits in Text: rwxrwxrwx
              ACLs: -

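  2. On the Windows side, perform the following steps to propagate the DACL information to subfolders and files.
  • Access the share from Windows, then open Properties, go to the Security tab, and select Advanced
  • Click Change next to Owner and select the appropriate user
  • Select the "Replace all child object permission entries with inheritable permission entries from this object" option, then click Apply

Note: You can add or remove DACLs on the parent folder as needed before selecting the option above.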


  • After this process completes, all child objects show NTFS as the effective security style and have NTFS ACLs applied
  • Until this process completes, ONTAP enforces UNIX permissions

Additional Information

  • file-directory output for the qtree and the files/folders under it when the security style of the qtree is UNIX
Example

::> file-directory show -vserver svm01 -path /vol1/tree3
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3
    File Inode Number: 1346562
     Security Style: unix
     Effective Style: unix
     DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 0
     UNIX Mode Bits: 755
 UNIX Mode Bits in Text: rwxr-xr-x
          ACLs: -

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3/folder1
    File Inode Number: 1346564
     Security Style: unix
     Effective Style: unix
     DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 1
     UNIX Mode Bits: 755
 UNIX Mode Bits in Text: rwxr-xr-x
          ACLs: -

 

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3/folder1/file2.txt
    File Inode Number: 1346565
     Security Style: unix
     Effective Style: unix
     DOS Attributes: 20
 DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 1
     UNIX Mode Bits: 755
 UNIX Mode Bits in Text: rwxr-xr-x
          ACLs: -

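  • file-directory output for the qtree and the files/folders under it when the security style of the qtree has been changed to NTFS and permissions have not been inherited to the child objects from a Microsoft Windows client
Example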

::> file-directory show -vserver svm01 -path /vol1/tree3
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3
    File Inode Number: 1346562
     Security Style: ntfs
     Effective Style: ntfs
     DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 0
     UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
          ACLs: NTFS Security Descriptor
             Control:0x8004
             Owner:BUILTIN\Administrators
             Group:BUILTIN\Administrators
             DACL - ACEs
              ALLOW-Everyone-0x1f01ff
              ALLOW-Everyone-0x10000000-OI|CI|IO

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3/folder1
    File Inode Number: 1346564
     Security Style: ntfs
     Effective Style: unix
     DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 1
     UNIX Mode Bits: 755
 UNIX Mode Bits in Text: rwxr-xr-x
          ACLs: -

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3/folder1/file2.txt
    File Inode Number: 1346565
     Security Style: ntfs
     Effective Style: unix
     DOS Attributes: 20
 DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 1
     UNIX Mode Bits: 755
 UNIX Mode Bits in Text: rwxr-xr-x
          ACLs: -

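  • file-directory output for the qtree and the files/folders under it when the security style of the qtree has been changed to NTFS and permissions have been inherited to the child objects from a Microsoft Windows client
Example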

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3/folder1
    File Inode Number: 1346564
     Security Style: ntfs
     Effective Style: ntfs
     DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 1
     UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
          ACLs: NTFS Security Descriptor
             Control:0x8504
             Owner:BUILTIN\Administrators
             Group:NASLAB\Domain Users
             DACL - ACEs
              ALLOW-Everyone-0x1f01ff-OI|CI (Inherited)

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt
  (vserver security file-directory show)

         Vserver: svm01
        File Path: /vol1/tree3/folder1/file2.txt
    File Inode Number: 1346565
     Security Style: ntfs
     Effective Style: ntfs
     DOS Attributes: 20
 DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
      UNIX User Id: 0
      UNIX Group Id: 1
     UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
          ACLs: NTFS Security Descriptor
             Control:0x8504
             Owner:BUILTIN\Administrators
             Group:NASLAB\Domain Users
             DACL - ACEs
              ALLOW-Everyone-0x1f01ff-(Inherited)
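
The three states shown above can be checked mechanically. The following is an added example, not NetApp code: it parses saved `vserver security file-directory show` output, reports paths whose security style is ntfs while the effective style is still unix (UNIX permissions are still enforced there), and marks objects where Everyone holds full control. The helper names `parse_records` and `audit` and the sample text are assumptions made for the example.

```python
import re

# Constructed sample, trimmed from the second set of outputs above.
SAMPLE = """
        File Path: /vol1/tree3
     Security Style: ntfs
     Effective Style: ntfs
          ACLs: NTFS Security Descriptor
             DACL - ACEs
              ALLOW-Everyone-0x1f01ff
              ALLOW-Everyone-0x10000000-OI|CI|IO
        File Path: /vol1/tree3/folder1
     Security Style: ntfs
     Effective Style: unix
          ACLs: -
"""

ACE_RE = re.compile(r"^(ALLOW|DENY)-(.+?)-(0x[0-9a-fA-F]+)(?:-(.*))?$")
# FILE_ALL_ACCESS; the inherit-only (IO) 0x10000000 ACE affects children only.
FULL_CONTROL = 0x1F01FF

def parse_records(text):  # hypothetical helper name
    """Split the show output into one dict per 'File Path:' record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        ace = ACE_RE.match(line)
        if line.startswith("File Path:"):
            cur = {"path": line.split(":", 1)[1].strip(), "aces": []}
            records.append(cur)
        elif cur is not None and ace:
            cur["aces"].append((ace.group(1), ace.group(2), int(ace.group(3), 16)))
        elif cur is not None and ":" in line:
            key, value = line.split(":", 1)
            cur[key.strip()] = value.strip()
    return records

def audit(text):  # hypothetical helper name
    """Map each path to 'unix', 'ntfs', or 'pending' (NTFS style set, but UNIX
    permissions still enforced); append '+everyone-full' for Everyone full control."""
    result = {}
    for rec in parse_records(text):
        style, effective = rec.get("Security Style"), rec.get("Effective Style")
        state = "pending" if (style, effective) == ("ntfs", "unix") else (effective or "unknown")
        if any(kind == "ALLOW" and who == "Everyone" and mask == FULL_CONTROL
               for kind, who, mask in rec["aces"]):
            state += "+everyone-full"
        result[rec["path"]] = state
    return result
```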

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.